Written on Sunday, May 13, 2007 by Gemini
You may already know that “deleting” a file does nothing of the sort. But did you know that your disk drive has a built-in system for the secure erasure of data?
No? Then read on.
What do you mean “delete” doesn’t delete?
File information is maintained in a directory so your operating system can find it. All that “delete” does is erase the file’s reference information. Your OS can’t find it, but the data is still there.
That’s what those “file recovery” programs look for: data in blocks that the directory says aren’t in use.
You really want to do this.
If you keep business, medical, or personal financial information on disks, simple deletion isn’t enough to protect the data when disposing of the equipment.
Besides identity theft, data loss may leave you or your company liable under federal laws such as HIPAA, Sarbanes-Oxley, Graham-Leach-Bliley or other state laws. Criminal penalties include fines and prison terms up to 20 years. Not to mention the civil suits that can result.
So what’s the magic?
Something called Secure Erase, a set of commands embedded in most ATA drives built since 2001. If this is so wonderful, why haven’t you heard of it before? Because it’s been disabled by most motherboard BIOSes.
Secure Erase is a loaded gun aimed right at all your data. And Murphy’s Law is still in force. But hey, if you’re smart enough to read Storage Bits, you’re smart enough to not play with Secure Erase until you need to.
How does Secure Erase work?
Secure Erase overwrites every single track on the hard drive. That includes the data on “bad blocks”, the data left at the end of partly overwritten blocks, directories, everything. There is no data recovery from Secure Erase.
The National Security Agency, for one. And the National Institute for Standards and Testing (NIST), who give it a higher security rating than external block overwrite software that you’d have to buy. Update: There is an open source external block overwrite utility called Boot and Nuke that is free.
Secure Erase is approved for complying with the legal requirements noted above.
UCSD’s CMRR to the rescue...
The University of California at San Diego hosts the Center for Magnetic Recording Research. Dr. Gordon Hughes of CMRR helped develop the Secure Erase standard.
Download his Freeware Secure Erase Utility, read the ReadMe file and you’re good to go.
To use it you’ll need to know how to create a DOS boot disk - in XP you can do it with the “Format” option after you right-click the floppy icon in My Computer.
Note: Instructions for using HDDerase.exe
Copy the downloaded file, HDDerase.exe onto the
created floppy/CD-ROM bootable DOS disk. Boot the computer in DOS using the
bootable disk. Make sure to set the correct boot priority setting in the system
BIOS. Type “hdderase” at system/DOS prompt to run HDDerase.exe. All ATA hard
disk drives connected to the main system board will be identified and their
information displayed. Make sure that the jumpers on the hard disk drives are
correctly configured. Avoid setting the jumpers to CS (cable select) on the hard
disk drives. Master or slave jumper setting is preferred.
There’s more, but if this is more than you want to deal with then Secure Erase isn’t for you.
If you want to know more CMRR’s 12 page Tutorial on Disk Drive Data Sanitization should satisfy you.
The Storage Bits take
Protecting data sometimes means erasing it. With this utility every storage pro has another tool to protect confidential information.
Note: Mac users already have a similar option under the Finder: “Secure Empty Trash”. And with Disk Utility you can perform a secure erase of all drive free space.